1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deploy Microsoft Defender for Cloud configuration (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-mdfc-config))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
22 (Kubernetes clusters should be accessible only over HTTPS (/providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d); Latest TLS version should be used in your API App (/providers/microsoft.authorization/policydefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e); Latest TLS version should be used in your Web App (/providers/microsoft.authorization/policydefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b); Latest TLS version should be used in your Function App (/providers/microsoft.authorization/policydefinitions/f9d614c5-c173-4d56-95a7-b4437057d193); API App should only be accessible over HTTPS (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-appserviceapiapp-http); AppService append enable https only setting to enforce https setting. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/append-appservice-httpsonly); AppService append sites with minimum TLS version to enforce. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/append-appservice-latesttls); Azure Cache for Redis Append a specific min TLS version requirement and enforce TLS. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/append-redis-sslenforcement); Azure Cache for Redis Append and the enforcement that enableNonSslPort is disabled. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/append-redis-disablenonsslport); Azure Cache for Redis only secure connections should be enabled (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-redis-http); Azure Database for MySQL server deploy a specific min TLS version and enforce SSL. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-mysql-sslenforcement); Azure Database for PostgreSQL server deploy a specific min TLS version requirement and enforce SSL (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-postgresql-sslenforcement); Azure SQL Database should have the minimal TLS version set to the highest version (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-sql-mintls); Azure Storage deploy a specific min TLS version requirement and enforce SSL/HTTPS (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-storage-sslenforcement); Function App should only be accessible over HTTPS (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-appservicefunctionapp-http); MySQL database servers enforce SSL connections. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-mysql-http); PostgreSQL database servers enforce SSL connection. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-postgresql-http); SQL Managed Instance should have the minimal TLS version set to the highest version (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-sqlmi-mintls); SQL managed instances deploy a specific min TLS version requirement. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-sqlmi-mintls); SQL servers deploys a specific min TLS version requirement. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-sql-mintls); Storage Account set to minumum TLS and Secure transfer should be enabled (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-storage-mintls); Web Application should only be accessible over HTTPS (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-appservicewebapp-http))
62 (Deploy Diagnostic Settings for Service Bus to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/04d53d87-841c-4f23-8a5b-21564380b55e); Deploy Diagnostic Settings for Search Services to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d); Deploy Diagnostic Settings for Event Hub to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579); Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673); Deploy - Configure diagnostic settings for Azure Kubernetes Service to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8); Configure diagnostic settings for storage accounts to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474); Public IP addresses should have resource logs enabled for Azure DDoS Protection Standard (/providers/microsoft.authorization/policydefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648); Deploy - Configure diagnostic settings for SQL Databases to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84); Deploy Diagnostic Settings for Logic Apps to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/b889a06c-ec72-4b03-910a-cb169ee18721); Deploy Diagnostic Settings for Key Vault to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47); Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories. (/providers/microsoft.authorization/policydefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3); Deploy Diagnostic Settings for Batch Account to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/c84e5349-db6d-4769-805e-e14037dab9b5); Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03); Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-analysisservice); Deploy Diagnostic Settings for API Management to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-apimgmt); Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-webserverfarm); Deploy Diagnostic Settings for App Service to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-website); Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-applicationgateway); Deploy Diagnostic Settings for Automation to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aa); Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-apiforfhir); Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-dataexplorercluster); Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-function); Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mediaservice); Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cdnendpoints); Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cognitiveservices); Deploy Diagnostic Settings for Container Instances to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aci); Deploy Diagnostic Settings for Container Registry to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-acr); Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cosmosdb); Deploy Diagnostic Settings for Data Factory to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datafactory); Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-dlanalytics); Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mysql); Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-postgresql); Deploy Diagnostic Settings for Databricks to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-databricks); Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsub); Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsystemtopic); Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridtopic); Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-expressroute); Deploy Diagnostic Settings for Firewall to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-firewall); Deploy Diagnostic Settings for Front Door to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-frontdoor); Deploy Diagnostic Settings for HDInsight to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-hdinsight); Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-iothub); Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-loadbalancer); Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappsise); Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mlworkspace); Deploy Diagnostic Settings for MariaDB to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mariadb); Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-nic); Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-networksecuritygroups); Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-powerbiembedded); Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-rediscache); Deploy Diagnostic Settings for Relay to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-relay); Deploy Diagnostic Settings for SignalR to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-signalr); Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlelasticpools); Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlmi); Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-timeseriesinsights); Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-trafficmanager); Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vmss); Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vm); Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-virtualnetwork); Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vnetgw); Deploy Diagnostic Settings for WVD Application group to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-wvdappgroup); Deploy Diagnostic Settings for WVD Host Pools to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-wvdhostpools); Deploy Diagnostic Settings for WVD Workspace to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-wvdworkspace))
Download CSV semicolon | comma *Depending on the number of rows and your computer“s performance the table may respond with delay, download the csv for better filtering experience
No Subscriptions configured for Diagnostic settingsdocs
All Subscriptions are configured for Diagnostic settingsdocs
Resources
No Resources (1st party) Diagnostics capable
Create Custom Policies for Azure ResourceTypes that support Diagnostics Logs and MetricsCreate-AzDiagPolicy Supported categories for Azure Resource Logsdocs
Priority
Recommendation
ResourceType
Resource Count
Diagnostics capable (logs)
Policy Id
Policy DisplayName
Role definitions
Target
Log Categories not covered by Policy
Policy assignments
Policy used in PolicySet
PolicySet assignments
4-Low
no recommendation as this resourceType seems not existing
0 Management Groups approaching Limit (200) for PolicyAssignmentdocs
0 Management Groups approaching Limit (500) for Policy Scopedocs
0 Management Groups approaching Limit (200) for PolicySet Scopedocs
0 Management Groups approaching Limit (500) for RoleAssignmentdocs
Subscriptions
0 Subscriptions approaching Limit (980) for ResourceGroupsdocs
0 Subscriptions approaching Limit (50) for Tagsdocs
0 Subscriptions approaching Limit (200) for PolicyAssignmentdocs
0 Subscriptions approaching Limit (500) for Policy Scopedocs
0 Subscriptions approaching Limit (200) for PolicySet Scopedocs
0 Subscriptions approaching Limit () for RoleAssignmentdocs
Check out AzADServicePrincipalInsights POCGitHub Demystifying Service Principals - Managed IdentitiesdevBlogs John Savill - Azure AD App Registrations, Enterprise Apps and Service PrincipalsYouTube
No ServicePrincipals where the API returned 'Request_ResourceNotFound'
No Applications where the API returned 'Request_ResourceNotFound'
1 (Deploy Microsoft Defender for Cloud configuration (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-mdfc-config))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
22 (Kubernetes clusters should be accessible only over HTTPS (/providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d); Latest TLS version should be used in your API App (/providers/microsoft.authorization/policydefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e); Latest TLS version should be used in your Web App (/providers/microsoft.authorization/policydefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b); Latest TLS version should be used in your Function App (/providers/microsoft.authorization/policydefinitions/f9d614c5-c173-4d56-95a7-b4437057d193); API App should only be accessible over HTTPS (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-appserviceapiapp-http); AppService append enable https only setting to enforce https setting. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/append-appservice-httpsonly); AppService append sites with minimum TLS version to enforce. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/append-appservice-latesttls); Azure Cache for Redis Append a specific min TLS version requirement and enforce TLS. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/append-redis-sslenforcement); Azure Cache for Redis Append and the enforcement that enableNonSslPort is disabled. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/append-redis-disablenonsslport); Azure Cache for Redis only secure connections should be enabled (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-redis-http); Azure Database for MySQL server deploy a specific min TLS version and enforce SSL. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-mysql-sslenforcement); Azure Database for PostgreSQL server deploy a specific min TLS version requirement and enforce SSL (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-postgresql-sslenforcement); Azure SQL Database should have the minimal TLS version set to the highest version (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-sql-mintls); Azure Storage deploy a specific min TLS version requirement and enforce SSL/HTTPS (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-storage-sslenforcement); Function App should only be accessible over HTTPS (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-appservicefunctionapp-http); MySQL database servers enforce SSL connections. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-mysql-http); PostgreSQL database servers enforce SSL connection. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-postgresql-http); SQL Managed Instance should have the minimal TLS version set to the highest version (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-sqlmi-mintls); SQL managed instances deploy a specific min TLS version requirement. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-sqlmi-mintls); SQL servers deploys a specific min TLS version requirement. (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-sql-mintls); Storage Account set to minumum TLS and Secure transfer should be enabled (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-storage-mintls); Web Application should only be accessible over HTTPS (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-appservicewebapp-http))
62 (Deploy Diagnostic Settings for Service Bus to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/04d53d87-841c-4f23-8a5b-21564380b55e); Deploy Diagnostic Settings for Search Services to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d); Deploy Diagnostic Settings for Event Hub to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579); Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673); Deploy - Configure diagnostic settings for Azure Kubernetes Service to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8); Configure diagnostic settings for storage accounts to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474); Public IP addresses should have resource logs enabled for Azure DDoS Protection Standard (/providers/microsoft.authorization/policydefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648); Deploy - Configure diagnostic settings for SQL Databases to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84); Deploy Diagnostic Settings for Logic Apps to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/b889a06c-ec72-4b03-910a-cb169ee18721); Deploy Diagnostic Settings for Key Vault to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47); Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories. (/providers/microsoft.authorization/policydefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3); Deploy Diagnostic Settings for Batch Account to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/c84e5349-db6d-4769-805e-e14037dab9b5); Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace (/providers/microsoft.authorization/policydefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03); Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-analysisservice); Deploy Diagnostic Settings for API Management to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-apimgmt); Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-webserverfarm); Deploy Diagnostic Settings for App Service to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-website); Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-applicationgateway); Deploy Diagnostic Settings for Automation to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aa); Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-apiforfhir); Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-dataexplorercluster); Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-function); Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mediaservice); Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cdnendpoints); Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cognitiveservices); Deploy Diagnostic Settings for Container Instances to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aci); Deploy Diagnostic Settings for Container Registry to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-acr); Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cosmosdb); Deploy Diagnostic Settings for Data Factory to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datafactory); Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-dlanalytics); Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mysql); Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-postgresql); Deploy Diagnostic Settings for Databricks to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-databricks); Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsub); Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsystemtopic); Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridtopic); Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-expressroute); Deploy Diagnostic Settings for Firewall to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-firewall); Deploy Diagnostic Settings for Front Door to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-frontdoor); Deploy Diagnostic Settings for HDInsight to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-hdinsight); Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-iothub); Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-loadbalancer); Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappsise); Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mlworkspace); Deploy Diagnostic Settings for MariaDB to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mariadb); Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-nic); Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-networksecuritygroups); Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-powerbiembedded); Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-rediscache); Deploy Diagnostic Settings for Relay to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-relay); Deploy Diagnostic Settings for SignalR to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-signalr); Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlelasticpools); Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlmi); Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-timeseriesinsights); Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-trafficmanager); Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vmss); Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vm); Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-virtualnetwork); Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vnetgw); Deploy Diagnostic Settings for WVD Application group to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-wvdappgroup); Deploy Diagnostic Settings for WVD Host Pools to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-wvdhostpools); Deploy Diagnostic Settings for WVD Workspace to Log Analytics workspace (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-wvdworkspace))
Deny or Audit resources without Encryption with a customer-managed key (CMK) (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encryption-cmk)
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); CIS Microsoft Azure Foundations Benchmark v1.1.0 (/providers/microsoft.authorization/policysetdefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); [Deprecated]: Azure Security Benchmark v1 (/providers/microsoft.authorization/policysetdefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92); PCI v3.2.1:2018 (/providers/microsoft.authorization/policysetdefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); CIS Microsoft Azure Foundations Benchmark v1.3.0 (/providers/microsoft.authorization/policysetdefinitions/612b5213-9160-4969-8578-1518bd2a000c); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
BuiltIn
App Service
False
False
n/a
n/a
Audit
false
0
n/a
true
20
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); [Deprecated]: Azure Security Benchmark v1 (/providers/microsoft.authorization/policysetdefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92); PCI v3.2.1:2018 (/providers/microsoft.authorization/policysetdefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
Custom
App Service
False
False
Mg
alz (Azure Landing Zones)
Deny
false
0
n/a
true
1
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
n/a
Custom
App Service
False
False
Mg
alz (Azure Landing Zones)
Append
false
0
n/a
true
1
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
n/a
BuiltIn
Machine Learning
False
False
n/a
n/a
Audit
false
0
n/a
false
0
n/a
n/a
BuiltIn
Lighthouse
False
False
n/a
n/a
Audit
false
0
n/a
false
0
n/a
n/a
BuiltIn
Monitoring
False
False
n/a
n/a
n/a
false
0
n/a
true
12
IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); [Deprecated]: Azure Security Benchmark v1 (/providers/microsoft.authorization/policysetdefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92); PCI v3.2.1:2018 (/providers/microsoft.authorization/policysetdefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de)
n/a
BuiltIn
Guest Configuration
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
16
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); Audit machines with insecure password security settings (/providers/microsoft.authorization/policysetdefinitions/095e4ed9-c835-4ab6-9439-b5644362a06c); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: Motion Picture Association of America (MPAA) (/providers/microsoft.authorization/policysetdefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
BuiltIn
Guest Configuration
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
14
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); Audit machines with insecure password security settings (/providers/microsoft.authorization/policysetdefinitions/095e4ed9-c835-4ab6-9439-b5644362a06c); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); Audit machines with insecure password security settings (/providers/microsoft.authorization/policysetdefinitions/095e4ed9-c835-4ab6-9439-b5644362a06c); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
BuiltIn
Guest Configuration
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
false
0
n/a
n/a
BuiltIn
General
False
False
n/a
n/a
n/a
false
0
n/a
true
1
[Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
n/a
BuiltIn
General
False
False
n/a
n/a
Audit
false
0
n/a
true
17
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); [Deprecated]: Azure Security Benchmark v1 (/providers/microsoft.authorization/policysetdefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92); PCI v3.2.1:2018 (/providers/microsoft.authorization/policysetdefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
BuiltIn
Compute
False
False
n/a
n/a
n/a
false
0
n/a
true
13
IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
BuiltIn
Compute
False
False
n/a
n/a
n/a
false
0
n/a
true
4
UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); CIS Microsoft Azure Foundations Benchmark v1.3.0 (/providers/microsoft.authorization/policysetdefinitions/612b5213-9160-4969-8578-1518bd2a000c); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
n/a
BuiltIn
Guest Configuration
False
False
n/a
n/a
n/a
false
0
n/a
true
9
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); [Deprecated]: Azure Security Benchmark v1 (/providers/microsoft.authorization/policysetdefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a)
Audit machines with insecure password security settings (/providers/microsoft.authorization/policysetdefinitions/095e4ed9-c835-4ab6-9439-b5644362a06c); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); PCI v3.2.1:2018 (/providers/microsoft.authorization/policysetdefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
BuiltIn
Guest Configuration
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
11
Audit machines with insecure password security settings (/providers/microsoft.authorization/policysetdefinitions/095e4ed9-c835-4ab6-9439-b5644362a06c); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
BuiltIn
Guest Configuration
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
14
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); Audit machines with insecure password security settings (/providers/microsoft.authorization/policysetdefinitions/095e4ed9-c835-4ab6-9439-b5644362a06c); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
BuiltIn
Guest Configuration
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
false
0
n/a
n/a
BuiltIn
Guest Configuration
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
false
0
n/a
n/a
BuiltIn
Guest Configuration
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
15
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); Audit machines with insecure password security settings (/providers/microsoft.authorization/policysetdefinitions/095e4ed9-c835-4ab6-9439-b5644362a06c); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); PCI v3.2.1:2018 (/providers/microsoft.authorization/policysetdefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: Motion Picture Association of America (MPAA) (/providers/microsoft.authorization/policysetdefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
BuiltIn
Guest Configuration
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
11
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); Audit machines with insecure password security settings (/providers/microsoft.authorization/policysetdefinitions/095e4ed9-c835-4ab6-9439-b5644362a06c); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693); Deny or Audit resources without Encryption with a customer-managed key (CMK) (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encryption-cmk)
n/a
BuiltIn
Batch
False
False
n/a
n/a
Audit
false
0
n/a
false
0
n/a
n/a
Custom
Cache
False
False
Mg
alz (Azure Landing Zones)
Append
false
0
n/a
true
1
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
n/a
Custom
Cache
False
False
Mg
alz (Azure Landing Zones)
Append
false
0
n/a
true
1
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
n/a
Custom
Cache
False
False
Mg
alz (Azure Landing Zones)
Deny
false
0
n/a
true
1
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
Public network access should be disabled for PaaS services (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deny-publicpaasendpoints)
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
'Owner' (8e3af657-a8ff-443c-a75c-2fe8c4bcb635)
Custom
SQL
False
False
Mg
alz (Azure Landing Zones)
DeployIfNotExists
false
0
n/a
true
1
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
'Owner' (8e3af657-a8ff-443c-a75c-2fe8c4bcb635)
BuiltIn
Security Center
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
15
IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); [Deprecated]: Azure Security Benchmark v1 (/providers/microsoft.authorization/policysetdefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
CIS Microsoft Azure Foundations Benchmark v1.1.0 (/providers/microsoft.authorization/policysetdefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a)
n/a
BuiltIn
Kubernetes
False
False
n/a
n/a
Audit
false
0
n/a
false
0
n/a
n/a
BuiltIn
Kubernetes
False
False
n/a
n/a
Audit
false
0
n/a
true
1
Public network access should be disabled for PaaS services (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deny-publicpaasendpoints)
n/a
BuiltIn
Monitoring
False
False
n/a
n/a
Audit
false
0
n/a
false
0
n/a
n/a
Custom
Machine Learning
False
False
Mg
alz (Azure Landing Zones)
Deny
false
0
n/a
false
0
n/a
n/a
BuiltIn
Machine Learning
False
False
n/a
n/a
Audit
false
0
n/a
true
9
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693); Deny or Audit resources without Encryption with a customer-managed key (CMK) (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encryption-cmk)
[Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
n/a
BuiltIn
SQL
False
False
n/a
n/a
Audit
false
0
n/a
false
0
n/a
n/a
Custom
SQL
False
False
Mg
alz (Azure Landing Zones)
Audit
false
0
n/a
true
1
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
'Owner' (8e3af657-a8ff-443c-a75c-2fe8c4bcb635)
BuiltIn
Stream Analytics
False
False
n/a
n/a
audit
false
0
n/a
true
7
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693); Deny or Audit resources without Encryption with a customer-managed key (CMK) (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encryption-cmk)
n/a
BuiltIn
Monitoring
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
3
CIS Microsoft Azure Foundations Benchmark v1.1.0 (/providers/microsoft.authorization/policysetdefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de)
n/a
BuiltIn
Synapse
False
False
n/a
n/a
Audit
false
0
n/a
false
0
n/a
n/a
BuiltIn
Synapse
False
False
n/a
n/a
Audit
false
0
n/a
false
0
n/a
n/a
BuiltIn
Synapse
False
False
n/a
n/a
Audit
false
0
n/a
true
7
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693); Deny or Audit resources without Encryption with a customer-managed key (CMK) (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encryption-cmk)
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
'Search Service Contributor' (7ca78c08-252a-4471-8644-bb5ff32d4ba0)
BuiltIn
Search
False
False
n/a
n/a
Modify
false
0
n/a
false
0
n/a
'Network Contributor' (4d97b98b-1d4f-4787-a291-c67834d212e7); 'Search Service Contributor' (7ca78c08-252a-4471-8644-bb5ff32d4ba0)
BuiltIn
Search
False
False
n/a
n/a
DeployIfNotExists
false
0
n/a
true
1
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
'Network Contributor' (4d97b98b-1d4f-4787-a291-c67834d212e7); 'Search Service Contributor' (7ca78c08-252a-4471-8644-bb5ff32d4ba0)
BuiltIn
Security Center
False
False
n/a
n/a
DeployIfNotExists
false
0
n/a
true
1
Deploy Microsoft Defender for Cloud configuration (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-mdfc-config)
Deploy Microsoft Defender for Cloud configuration (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-mdfc-config)
Deploy Microsoft Defender for Cloud configuration (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-mdfc-config)
Deploy Microsoft Defender for Cloud configuration (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-mdfc-config)
Deploy Microsoft Defender for Cloud configuration (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-mdfc-config)
Deploy Microsoft Defender for Cloud configuration (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-mdfc-config)
Deploy Microsoft Defender for Cloud configuration (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-mdfc-config)
Deploy Microsoft Defender for Cloud configuration (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-mdfc-config)
Deploy Microsoft Defender for Cloud configuration (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-mdfc-config)
'Azure Event Hubs Data Owner' (f526a384-b230-433a-b45c-95f59c4a2dec)
BuiltIn
Storage
False
False
n/a
n/a
DeployIfNotExists
false
0
n/a
true
1
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
'Private DNS Zone Contributor' (b12aa53e-6015-4669-85d0-8515ebb3ae7f); 'Network Contributor' (4d97b98b-1d4f-4787-a291-c67834d212e7)
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
'Network Contributor' (4d97b98b-1d4f-4787-a291-c67834d212e7); 'Azure Event Hubs Data Owner' (f526a384-b230-433a-b45c-95f59c4a2dec)
BuiltIn
Internet of Things
False
False
n/a
n/a
DeployIfNotExists
false
0
n/a
true
1
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
Deploy Microsoft Defender for Cloud configuration (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-mdfc-config)
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
Enable Azure Monitor for VMs (/providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
n/a
BuiltIn
Monitoring
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
3
[Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); Enable Azure Monitor for Virtual Machine Scale Sets (/providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2)
n/a
BuiltIn
Event Grid
False
False
n/a
n/a
deployIfNotExists
false
0
n/a
true
1
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
Enable Azure Monitor for VMs (/providers/microsoft.authorization/policysetdefinitions/55f3eceb-5573-4f18-9695-226972c6d74a); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
Configure Azure PaaS services to use private DNS zones (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-private-dns-zones)
'Azure Kubernetes Service Contributor Role' (ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8); 'Azure Kubernetes Service Policy Add-on Deployment' (18ed5180-3e48-46fd-8541-4ea054d57064)
Custom
Security Center
False
False
Mg
alz (Azure Landing Zones)
DeployIfNotExists
false
0
n/a
true
1
Deploy Microsoft Defender for Cloud configuration (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-mdfc-config)
Deploy Microsoft Defender for Cloud configuration (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-mdfc-config)
'SQL DB Contributor' (9b7fa17d-e63e-47b0-bb0a-15c516ac86ec)
BuiltIn
Guest Configuration
False
False
n/a
n/a
n/a
false
0
n/a
true
17
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); Deploy prerequisites to enable Guest Configuration policies on virtual machines (/providers/microsoft.authorization/policysetdefinitions/12794019-7a00-42cf-95c2-882eed337cc8); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: Motion Picture Association of America (MPAA) (/providers/microsoft.authorization/policysetdefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); Deploy prerequisites to enable Guest Configuration policies on virtual machines (/providers/microsoft.authorization/policysetdefinitions/12794019-7a00-42cf-95c2-882eed337cc8); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); [Deprecated]: Azure Security Benchmark v1 (/providers/microsoft.authorization/policysetdefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92); PCI v3.2.1:2018 (/providers/microsoft.authorization/policysetdefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: Motion Picture Association of America (MPAA) (/providers/microsoft.authorization/policysetdefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); [Deprecated]: Azure Security Benchmark v1 (/providers/microsoft.authorization/policysetdefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92); PCI v3.2.1:2018 (/providers/microsoft.authorization/policysetdefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
Custom
App Service
False
False
Mg
alz (Azure Landing Zones)
Deny
false
0
n/a
true
1
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); Enable Azure Monitor for Virtual Machine Scale Sets (/providers/microsoft.authorization/policysetdefinitions/75714362-cae7-409e-9b99-a8e5075b7fad); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a)
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); CIS Microsoft Azure Foundations Benchmark v1.1.0 (/providers/microsoft.authorization/policysetdefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); [Deprecated]: Azure Security Benchmark v1 (/providers/microsoft.authorization/policysetdefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92); PCI v3.2.1:2018 (/providers/microsoft.authorization/policysetdefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); CIS Microsoft Azure Foundations Benchmark v1.3.0 (/providers/microsoft.authorization/policysetdefinitions/612b5213-9160-4969-8578-1518bd2a000c); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
Custom
SQL
False
False
Mg
alz (Azure Landing Zones)
Deny
false
0
n/a
true
1
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
n/a
BuiltIn
SQL
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
1
[Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
n/a
BuiltIn
SQL
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
9
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693); Deny or Audit resources without Encryption with a customer-managed key (CMK) (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encryption-cmk)
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
n/a
BuiltIn
SQL
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
1
[Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
n/a
BuiltIn
SQL
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
10
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693); Deny or Audit resources without Encryption with a customer-managed key (CMK) (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encryption-cmk)
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693); Public network access should be disabled for PaaS services (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deny-publicpaasendpoints)
n/a
BuiltIn
Storage
False
False
n/a
n/a
Audit
false
0
n/a
true
1
Public network access should be disabled for PaaS services (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deny-publicpaasendpoints)
n/a
BuiltIn
Batch
False
False
n/a
n/a
Audit
false
0
n/a
true
1
Public network access should be disabled for PaaS services (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deny-publicpaasendpoints)
n/a
BuiltIn
Container Registry
False
False
n/a
n/a
Audit
false
0
n/a
true
2
[Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); Public network access should be disabled for PaaS services (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deny-publicpaasendpoints)
[Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); Public network access should be disabled for PaaS services (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deny-publicpaasendpoints)
[Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); Public network access should be disabled for PaaS services (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deny-publicpaasendpoints)
[Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
n/a
BuiltIn
Security Center
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
20
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); [Deprecated]: Azure Security Benchmark v1 (/providers/microsoft.authorization/policysetdefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92); PCI v3.2.1:2018 (/providers/microsoft.authorization/policysetdefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: Motion Picture Association of America (MPAA) (/providers/microsoft.authorization/policysetdefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
BuiltIn
SQL
False
False
n/a
n/a
Audit
false
0
n/a
true
1
[Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
n/a
Custom
SQL
False
False
Mg
alz (Azure Landing Zones)
Audit
false
0
n/a
true
1
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
n/a
Custom
SQL
False
False
Mg
alz (Azure Landing Zones)
DeployIfNotExists
false
0
n/a
true
1
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
'Owner' (8e3af657-a8ff-443c-a75c-2fe8c4bcb635)
BuiltIn
SQL
False
False
n/a
n/a
Deny
false
0
n/a
true
1
[Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6)
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a)
n/a
Custom
Storage
False
False
Mg
alz (Azure Landing Zones)
Deny
false
0
n/a
true
1
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); CIS Microsoft Azure Foundations Benchmark v1.1.0 (/providers/microsoft.authorization/policysetdefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); [Deprecated]: Azure Security Benchmark v1 (/providers/microsoft.authorization/policysetdefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92); PCI v3.2.1:2018 (/providers/microsoft.authorization/policysetdefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); CIS Microsoft Azure Foundations Benchmark v1.3.0 (/providers/microsoft.authorization/policysetdefinitions/612b5213-9160-4969-8578-1518bd2a000c); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: Motion Picture Association of America (MPAA) (/providers/microsoft.authorization/policysetdefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693); Public network access should be disabled for PaaS services (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deny-publicpaasendpoints)
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de)
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); [Deprecated]: Azure Security Benchmark v1 (/providers/microsoft.authorization/policysetdefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
BuiltIn
Security Center
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
21
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); CIS Microsoft Azure Foundations Benchmark v1.1.0 (/providers/microsoft.authorization/policysetdefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); [Deprecated]: Azure Security Benchmark v1 (/providers/microsoft.authorization/policysetdefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92); PCI v3.2.1:2018 (/providers/microsoft.authorization/policysetdefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
BuiltIn
Security Center
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
19
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); [Deprecated]: Azure Security Benchmark v1 (/providers/microsoft.authorization/policysetdefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: Motion Picture Association of America (MPAA) (/providers/microsoft.authorization/policysetdefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
BuiltIn
SQL
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
5
[Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); CIS Microsoft Azure Foundations Benchmark v1.3.0 (/providers/microsoft.authorization/policysetdefinitions/612b5213-9160-4969-8578-1518bd2a000c); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a)
n/a
BuiltIn
SQL
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
16
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Deprecated]: Azure Security Benchmark v1 (/providers/microsoft.authorization/policysetdefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92); CIS Microsoft Azure Foundations Benchmark v1.3.0 (/providers/microsoft.authorization/policysetdefinitions/612b5213-9160-4969-8578-1518bd2a000c); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
BuiltIn
SQL
False
False
n/a
n/a
AuditIfNotExists
false
0
n/a
true
16
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Deprecated]: Azure Security Benchmark v1 (/providers/microsoft.authorization/policysetdefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92); CIS Microsoft Azure Foundations Benchmark v1.3.0 (/providers/microsoft.authorization/policysetdefinitions/612b5213-9160-4969-8578-1518bd2a000c); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
[Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a)
n/a
BuiltIn
Network
False
False
n/a
n/a
Audit
false
0
n/a
true
3
[Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a)
n/a
BuiltIn
App Service
False
False
n/a
n/a
Audit
false
0
n/a
true
22
NIST SP 800-171 Rev. 2 (/providers/microsoft.authorization/policysetdefinitions/03055927-78bd-4236-86c0-f36125a10dc9); IRS1075 September 2016 (/providers/microsoft.authorization/policysetdefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d); NIST SP 800-53 Rev. 5 (/providers/microsoft.authorization/policysetdefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f); CIS Microsoft Azure Foundations Benchmark v1.1.0 (/providers/microsoft.authorization/policysetdefinitions/1a5bb27d-173f-493e-9568-eb56638dde4d); Azure Security Benchmark (/providers/microsoft.authorization/policysetdefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8); [Preview]: Australian Government ISM PROTECTED (/providers/microsoft.authorization/policysetdefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077); UK OFFICIAL and UK NHS (/providers/microsoft.authorization/policysetdefinitions/3937f550-eedd-4639-9c5e-294358be442e); [Preview]: SWIFT CSP-CSCF v2020 (/providers/microsoft.authorization/policysetdefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22); [Deprecated]: Azure Security Benchmark v1 (/providers/microsoft.authorization/policysetdefinitions/42a694ed-f65e-42b2-aa9e-8052e9740a92); PCI v3.2.1:2018 (/providers/microsoft.authorization/policysetdefinitions/496eeda9-8f2f-4d5e-8dfd-204f0a92ed41); Canada Federal PBMM (/providers/microsoft.authorization/policysetdefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87); CIS Microsoft Azure Foundations Benchmark v1.3.0 (/providers/microsoft.authorization/policysetdefinitions/612b5213-9160-4969-8578-1518bd2a000c); ISO 27001:2013 (/providers/microsoft.authorization/policysetdefinitions/89c6cddc-1c73-4ac1-b19c-54d1a15a42f2); [Deprecated]: DoD Impact Level 4 (/providers/microsoft.authorization/policysetdefinitions/8d792a84-723c-4d92-a3c3-e4ed16a2d133); [Preview]: RMIT Malaysia (/providers/microsoft.authorization/policysetdefinitions/97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6); HITRUST/HIPAA (/providers/microsoft.authorization/policysetdefinitions/a169a624-5599-4385-a696-c8d643089fab); CMMC Level 3 (/providers/microsoft.authorization/policysetdefinitions/b5629c75-5c77-4422-87b9-2509e680f8de); [Deprecated]: Azure Security Benchmark v2 (/providers/microsoft.authorization/policysetdefinitions/bb522ac1-bc39-4957-b194-429bcd3bcb0b); NIST SP 800-53 Rev. 4 (/providers/microsoft.authorization/policysetdefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f); New Zealand ISM Restricted (/providers/microsoft.authorization/policysetdefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a); FedRAMP High (/providers/microsoft.authorization/policysetdefinitions/d5264498-16f4-418a-b659-fa7ef418175f); FedRAMP Moderate (/providers/microsoft.authorization/policysetdefinitions/e95f5a9f-57ad-4d03-bb0b-b1d16db93693)
n/a
Custom
App Service
False
False
Mg
alz (Azure Landing Zones)
Deny
false
0
n/a
true
1
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit)
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
Application Gateway should be deployed with WAF enabled
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
AppService append sites with minimum TLS version to enforce.
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
Azure Cache for Redis Append a specific min TLS version requirement and enforce TLS.
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
Azure Cache for Redis Append and the enforcement that enableNonSslPort is disabled.
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
Azure Cache for Redis only secure connections should be enabled
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
Azure Database for MySQL server deploy a specific min TLS version and enforce SSL.
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
Azure Database for PostgreSQL server deploy a specific min TLS version requirement and enforce SSL
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
Azure Machine Learning should have disabled public network access
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
Azure Storage deploy a specific min TLS version requirement and enforce SSL/HTTPS
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
Control private endpoint connections to Azure Machine Learning
1 (Deploy Microsoft Defender for Cloud configuration (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/deploy-mdfc-config))
Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
Public network access should be disabled for MariaDB
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
SQL managed instances deploy a specific min TLS version requirement.
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
SQL servers deploys a specific min TLS version requirement.
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
Storage Account set to minumum TLS and Secure transfer should be enabled
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
1 (Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policysetdefinitions/enforce-encrypttransit))
20 (<a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/06695360-db88-47f6-b976-7500d4297475.html" target="_blank" rel="noopener">Configure Azure File Sync to use private DNS zones</a> (/providers/microsoft.authorization/policydefinitions/06695360-db88-47f6-b976-7500d4297475); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/0b026355-49cb-467b-8ac4-f777874e175a.html" target="_blank" rel="noopener">Configure Azure Web PubSub Service to use private DNS zones</a> (/providers/microsoft.authorization/policydefinitions/0b026355-49cb-467b-8ac4-f777874e175a); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/4ec38ebc-381f-45ee-81a4-acbc4be878f8.html" target="_blank" rel="noopener">Deploy - Configure private DNS zones for private endpoints that connect to Batch accounts</a> (/providers/microsoft.authorization/policydefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/7a860e27-9ca2-4fc6-822d-c2d248c300df.html" target="_blank" rel="noopener">Configure private DNS zones for private endpoints connected to App Configuration</a> (/providers/microsoft.authorization/policydefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/942bd215-1a66-44be-af65-6a1c0318dbe2.html" target="_blank" rel="noopener">[Preview]: Configure Azure Recovery Services vaults to use private DNS zones</a> (/providers/microsoft.authorization/policydefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8.html" target="_blank" rel="noopener">Configure IoT Hub device provisioning instances to use private DNS zones</a> (/providers/microsoft.authorization/policydefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4.html" target="_blank" rel="noopener">[Preview]: Configure Azure Key Vaults to use private DNS zones</a> (/providers/microsoft.authorization/policydefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/b0e86710-7fb7-4a6c-a064-32e9b829509e.html" target="_blank" rel="noopener">Deploy - Configure private DNS zones for private endpoints connect to Azure SignalR Service</a> (/providers/microsoft.authorization/policydefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/b318f84a-b872-429b-ac6d-a01b96814452.html" target="_blank" rel="noopener">Configure App Services to use private DNS zones</a> (/providers/microsoft.authorization/policydefinitions/b318f84a-b872-429b-ac6d-a01b96814452); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/baf19753-7502-405f-8745-370519b20483.html" target="_blank" rel="noopener">Deploy - Configure Azure Event Grid topics to use private DNS zones</a> (/providers/microsoft.authorization/policydefinitions/baf19753-7502-405f-8745-370519b20483); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a.html" target="_blank" rel="noopener">Configure disk access resources to use private DNS zones</a> (/providers/microsoft.authorization/policydefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/c4bc6f10-cb41-49eb-b000-d5ab82e2a091.html" target="_blank" rel="noopener">Configure Cognitive Services accounts to use private DNS zones</a> (/providers/microsoft.authorization/policydefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02.html" target="_blank" rel="noopener">Deploy - Configure Azure IoT Hubs to use private DNS zones</a> (/providers/microsoft.authorization/policydefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/d389df0a-e0d7-4607-833c-75a6fdac2c2d.html" target="_blank" rel="noopener">Deploy - Configure Azure Event Grid domains to use private DNS zones</a> (/providers/microsoft.authorization/policydefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/e016b22b-e0eb-436d-8fd7-160c4eaed6e2.html" target="_blank" rel="noopener">Configure Azure Cache for Redis to use private DNS zones</a> (/providers/microsoft.authorization/policydefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32.html" target="_blank" rel="noopener">Configure Container registries to use private DNS zones</a> (/providers/microsoft.authorization/policydefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/ed66d4f5-8220-45dc-ab4a-20d1749c74e6.html" target="_blank" rel="noopener">Configure Event Hub namespaces to use private DNS zones</a> (/providers/microsoft.authorization/policydefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/ee40564d-486e-4f68-a5ca-7a621edae0fb.html" target="_blank" rel="noopener">Configure Azure Machine Learning workspace to use private DNS zones</a> (/providers/microsoft.authorization/policydefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/f0fcf93c-c063-4071-9668-c47474bd3564.html" target="_blank" rel="noopener">Configure Service Bus namespaces to use private DNS zones</a> (/providers/microsoft.authorization/policydefinitions/f0fcf93c-c063-4071-9668-c47474bd3564); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/fbc14a67-53e4-4932-abcc-2049c6706009.html" target="_blank" rel="noopener">Configure Azure Cognitive Search services to use private DNS zones</a> (/providers/microsoft.authorization/policydefinitions/fbc14a67-53e4-4932-abcc-2049c6706009))
Deny or Audit resources without Encryption with a customer-managed key (CMK)
15 (<a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/051cba44-2429-45b9-9649-46cec11c7119.html" target="_blank" rel="noopener">Azure API for FHIR should use a customer-managed key to encrypt data at rest</a> (/providers/microsoft.authorization/policydefinitions/051cba44-2429-45b9-9649-46cec11c7119); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/0961003e-5a0a-4549-abde-af6a37f2724d.html" target="_blank" rel="noopener">Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources</a> (/providers/microsoft.authorization/policydefinitions/0961003e-5a0a-4549-abde-af6a37f2724d); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/0d134df8-db83-46fb-ad72-fe0c9428c8dd.html" target="_blank" rel="noopener">[Deprecated]: SQL servers should use customer-managed keys to encrypt data at rest</a> (/providers/microsoft.authorization/policydefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/18adea5e-f416-4d0f-8aa8-d24321e3e274.html" target="_blank" rel="noopener">PostgreSQL servers should use customer-managed keys to encrypt data at rest</a> (/providers/microsoft.authorization/policydefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/1f905d99-2ab7-462c-a6b0-f709acca6c8f.html" target="_blank" rel="noopener">Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest</a> (/providers/microsoft.authorization/policydefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580.html" target="_blank" rel="noopener">Container registries should be encrypted with a customer-managed key</a> (/providers/microsoft.authorization/policydefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/67121cc7-ff39-4ab8-b7e3-95b84dab487d.html" target="_blank" rel="noopener">Cognitive Services accounts should enable data encryption with a customer-managed key</a> (/providers/microsoft.authorization/policydefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/6fac406b-40ca-413b-bf8e-0bf964659c25.html" target="_blank" rel="noopener">Storage accounts should use customer-managed key for encryption</a> (/providers/microsoft.authorization/policydefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/7d7be79c-23ba-4033-84dd-45e2a5ccdd67.html" target="_blank" rel="noopener">Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys</a> (/providers/microsoft.authorization/policydefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/83cef61d-dbd1-4b20-a4fc-5fbc7da10833.html" target="_blank" rel="noopener">MySQL servers should use customer-managed keys to encrypt data at rest</a> (/providers/microsoft.authorization/policydefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/86efb160-8de7-451d-bc08-5d475b0aadae.html" target="_blank" rel="noopener">Azure Data Box jobs should use a customer-managed key to encrypt the device unlock password</a> (/providers/microsoft.authorization/policydefinitions/86efb160-8de7-451d-bc08-5d475b0aadae); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/87ba29ef-1ab3-4d82-b763-87fcd4f531f7.html" target="_blank" rel="noopener">Azure Stream Analytics jobs should use customer-managed keys to encrypt data</a> (/providers/microsoft.authorization/policydefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a.html" target="_blank" rel="noopener">Azure Batch account should use customer-managed keys to encrypt data</a> (/providers/microsoft.authorization/policydefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/ba769a63-b8cc-4b2d-abf6-ac33c7204be8.html" target="_blank" rel="noopener">Azure Machine Learning workspaces should be encrypted with a customer-managed key</a> (/providers/microsoft.authorization/policydefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/f7d52b2d-e161-4dfa-a82b-55e564167385.html" target="_blank" rel="noopener">Azure Synapse workspaces should use customer-managed keys to encrypt data at rest</a> (/providers/microsoft.authorization/policydefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385))
Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit
22 (<a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d.html" target="_blank" rel="noopener">Kubernetes clusters should be accessible only over HTTPS</a> (/providers/microsoft.authorization/policydefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e.html" target="_blank" rel="noopener">Latest TLS version should be used in your API App</a> (/providers/microsoft.authorization/policydefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b.html" target="_blank" rel="noopener">Latest TLS version should be used in your Web App</a> (/providers/microsoft.authorization/policydefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/f9d614c5-c173-4d56-95a7-b4437057d193.html" target="_blank" rel="noopener">Latest TLS version should be used in your Function App</a> (/providers/microsoft.authorization/policydefinitions/f9d614c5-c173-4d56-95a7-b4437057d193); <b>API App should only be accessible over HTTPS</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-appserviceapiapp-http); <b>AppService append enable https only setting to enforce https setting.</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/append-appservice-httpsonly); <b>AppService append sites with minimum TLS version to enforce.</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/append-appservice-latesttls); <b>Azure Cache for Redis Append a specific min TLS version requirement and enforce TLS.</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/append-redis-sslenforcement); <b>Azure Cache for Redis Append and the enforcement that enableNonSslPort is disabled.</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/append-redis-disablenonsslport); <b>Azure Cache for Redis only secure connections should be enabled</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-redis-http); <b>Azure Database for MySQL server deploy a specific min TLS version and enforce SSL.</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-mysql-sslenforcement); <b>Azure Database for PostgreSQL server deploy a specific min TLS version requirement and enforce SSL </b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-postgresql-sslenforcement); <b>Azure SQL Database should have the minimal TLS version set to the highest version</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-sql-mintls); <b>Azure Storage deploy a specific min TLS version requirement and enforce SSL/HTTPS </b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-storage-sslenforcement); <b>Function App should only be accessible over HTTPS</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-appservicefunctionapp-http); <b>MySQL database servers enforce SSL connections.</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-mysql-http); <b>PostgreSQL database servers enforce SSL connection.</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-postgresql-http); <b>SQL Managed Instance should have the minimal TLS version set to the highest version</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-sqlmi-mintls); <b>SQL managed instances deploy a specific min TLS version requirement.</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-sqlmi-mintls); <b>SQL servers deploys a specific min TLS version requirement.</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-sql-mintls); <b>Storage Account set to minumum TLS and Secure transfer should be enabled</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-storage-mintls); <b>Web Application should only be accessible over HTTPS</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deny-appservicewebapp-http))
62 (<a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/04d53d87-841c-4f23-8a5b-21564380b55e.html" target="_blank" rel="noopener">Deploy Diagnostic Settings for Service Bus to Log Analytics workspace</a> (/providers/microsoft.authorization/policydefinitions/04d53d87-841c-4f23-8a5b-21564380b55e); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/08ba64b8-738f-4918-9686-730d2ed79c7d.html" target="_blank" rel="noopener">Deploy Diagnostic Settings for Search Services to Log Analytics workspace</a> (/providers/microsoft.authorization/policydefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/1f6e93e8-6b31-41b1-83f6-36e449a42579.html" target="_blank" rel="noopener">Deploy Diagnostic Settings for Event Hub to Log Analytics workspace</a> (/providers/microsoft.authorization/policydefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673.html" target="_blank" rel="noopener">Deploy Diagnostic Settings for Stream Analytics to Log Analytics workspace</a> (/providers/microsoft.authorization/policydefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/6c66c325-74c8-42fd-a286-a74b0e2939d8.html" target="_blank" rel="noopener">Deploy - Configure diagnostic settings for Azure Kubernetes Service to Log Analytics workspace</a> (/providers/microsoft.authorization/policydefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/6f8f98a4-f108-47cb-8e98-91a0d85cd474.html" target="_blank" rel="noopener">Configure diagnostic settings for storage accounts to Log Analytics workspace</a> (/providers/microsoft.authorization/policydefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/752154a7-1e0f-45c6-a880-ac75a7e4f648.html" target="_blank" rel="noopener">Public IP addresses should have resource logs enabled for Azure DDoS Protection Standard</a> (/providers/microsoft.authorization/policydefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/b79fa14e-238a-4c2d-b376-442ce508fc84.html" target="_blank" rel="noopener">Deploy - Configure diagnostic settings for SQL Databases to Log Analytics workspace</a> (/providers/microsoft.authorization/policydefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/b889a06c-ec72-4b03-910a-cb169ee18721.html" target="_blank" rel="noopener">Deploy Diagnostic Settings for Logic Apps to Log Analytics workspace</a> (/providers/microsoft.authorization/policydefinitions/b889a06c-ec72-4b03-910a-cb169ee18721); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/bef3f64c-5290-43b7-85b0-9b254eef4c47.html" target="_blank" rel="noopener">Deploy Diagnostic Settings for Key Vault to Log Analytics workspace</a> (/providers/microsoft.authorization/policydefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/c717fb0c-d118-4c43-ab3d-ece30ac81fb3.html" target="_blank" rel="noopener">Deploy Diagnostic Settings for Recovery Services Vault to Log Analytics workspace for resource specific categories.</a> (/providers/microsoft.authorization/policydefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/c84e5349-db6d-4769-805e-e14037dab9b5.html" target="_blank" rel="noopener">Deploy Diagnostic Settings for Batch Account to Log Analytics workspace</a> (/providers/microsoft.authorization/policydefinitions/c84e5349-db6d-4769-805e-e14037dab9b5); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03.html" target="_blank" rel="noopener">Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace</a> (/providers/microsoft.authorization/policydefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03); <b>Deploy Diagnostic Settings for Analysis Services to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-analysisservice); <b>Deploy Diagnostic Settings for API Management to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-apimgmt); <b>Deploy Diagnostic Settings for App Service Plan to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-webserverfarm); <b>Deploy Diagnostic Settings for App Service to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-website); <b>Deploy Diagnostic Settings for Application Gateway to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-applicationgateway); <b>Deploy Diagnostic Settings for Automation to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aa); <b>Deploy Diagnostic Settings for Azure API for FHIR to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-apiforfhir); <b>Deploy Diagnostic Settings for Azure Data Explorer Cluster to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-dataexplorercluster); <b>Deploy Diagnostic Settings for Azure Function App to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-function); <b>Deploy Diagnostic Settings for Azure Media Service to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mediaservice); <b>Deploy Diagnostic Settings for CDN Endpoint to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cdnendpoints); <b>Deploy Diagnostic Settings for Cognitive Services to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cognitiveservices); <b>Deploy Diagnostic Settings for Container Instances to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-aci); <b>Deploy Diagnostic Settings for Container Registry to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-acr); <b>Deploy Diagnostic Settings for Cosmos DB to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-cosmosdb); <b>Deploy Diagnostic Settings for Data Factory to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-datafactory); <b>Deploy Diagnostic Settings for Data Lake Analytics to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-dlanalytics); <b>Deploy Diagnostic Settings for Database for MySQL to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mysql); <b>Deploy Diagnostic Settings for Database for PostgreSQL to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-postgresql); <b>Deploy Diagnostic Settings for Databricks to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-databricks); <b>Deploy Diagnostic Settings for Event Grid subscriptions to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsub); <b>Deploy Diagnostic Settings for Event Grid System Topic to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridsystemtopic); <b>Deploy Diagnostic Settings for Event Grid Topic to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-eventgridtopic); <b>Deploy Diagnostic Settings for ExpressRoute to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-expressroute); <b>Deploy Diagnostic Settings for Firewall to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-firewall); <b>Deploy Diagnostic Settings for Front Door to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-frontdoor); <b>Deploy Diagnostic Settings for HDInsight to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-hdinsight); <b>Deploy Diagnostic Settings for IoT Hub to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-iothub); <b>Deploy Diagnostic Settings for Load Balancer to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-loadbalancer); <b>Deploy Diagnostic Settings for Logic Apps integration service environment to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-logicappsise); <b>Deploy Diagnostic Settings for Machine Learning workspace to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mlworkspace); <b>Deploy Diagnostic Settings for MariaDB to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-mariadb); <b>Deploy Diagnostic Settings for Network Interfaces to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-nic); <b>Deploy Diagnostic Settings for Network Security Groups to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-networksecuritygroups); <b>Deploy Diagnostic Settings for Power BI Embedded to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-powerbiembedded); <b>Deploy Diagnostic Settings for Redis Cache to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-rediscache); <b>Deploy Diagnostic Settings for Relay to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-relay); <b>Deploy Diagnostic Settings for SignalR to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-signalr); <b>Deploy Diagnostic Settings for SQL Elastic Pools to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlelasticpools); <b>Deploy Diagnostic Settings for SQL Managed Instances to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-sqlmi); <b>Deploy Diagnostic Settings for Time Series Insights to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-timeseriesinsights); <b>Deploy Diagnostic Settings for Traffic Manager to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-trafficmanager); <b>Deploy Diagnostic Settings for Virtual Machine Scale Sets to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vmss); <b>Deploy Diagnostic Settings for Virtual Machines to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vm); <b>Deploy Diagnostic Settings for Virtual Network to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-virtualnetwork); <b>Deploy Diagnostic Settings for VPN Gateway to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-vnetgw); <b>Deploy Diagnostic Settings for WVD Application group to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-wvdappgroup); <b>Deploy Diagnostic Settings for WVD Host Pools to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-wvdhostpools); <b>Deploy Diagnostic Settings for WVD Workspace to Log Analytics workspace</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-diagnostics-wvdworkspace))
12 (<a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/1f725891-01c0-420a-9059-4fa46cb770b7.html" target="_blank" rel="noopener">Configure Azure Defender for Key Vaults to be enabled</a> (/providers/microsoft.authorization/policydefinitions/1f725891-01c0-420a-9059-4fa46cb770b7); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/2370a3c1-4a25-4283-a91a-c9c1a145fb2f.html" target="_blank" rel="noopener">Configure Azure Defender for DNS to be enabled</a> (/providers/microsoft.authorization/policydefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/44433aa3-7ec2-4002-93ea-65c65ff0310a.html" target="_blank" rel="noopener">Configure Azure Defender for open-source relational databases to be enabled</a> (/providers/microsoft.authorization/policydefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/50ea7265-7d8c-429e-9a7d-ca1f410191c3.html" target="_blank" rel="noopener">Configure Azure Defender for SQL servers on machines to be enabled</a> (/providers/microsoft.authorization/policydefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/74c30959-af11-47b3-9ed2-a26e03f427a3.html" target="_blank" rel="noopener">Configure Azure Defender for Storage to be enabled</a> (/providers/microsoft.authorization/policydefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222.html" target="_blank" rel="noopener">Configure Azure Defender for servers to be enabled</a> (/providers/microsoft.authorization/policydefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d.html" target="_blank" rel="noopener">Configure Azure Defender for App Service to be enabled</a> (/providers/microsoft.authorization/policydefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9.html" target="_blank" rel="noopener">Configure Azure Defender for Resource Manager to be enabled</a> (/providers/microsoft.authorization/policydefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/b99b73e7-074b-4089-9395-b7236f094491.html" target="_blank" rel="noopener">Configure Azure Defender for Azure SQL database to be enabled</a> (/providers/microsoft.authorization/policydefinitions/b99b73e7-074b-4089-9395-b7236f094491); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/c9ddb292-b203-4738-aead-18e2716e858f.html" target="_blank" rel="noopener">Configure Microsoft Defender for Containers to be enabled</a> (/providers/microsoft.authorization/policydefinitions/c9ddb292-b203-4738-aead-18e2716e858f); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/ffb6f416-7bd2-4488-8828-56585fef2be9.html" target="_blank" rel="noopener">Deploy export to Log Analytics workspace for Azure Security Center data</a> (/providers/microsoft.authorization/policydefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9); <b>Deploy Azure Security Center Security Contacts</b> (/providers/microsoft.management/managementgroups/alz/providers/microsoft.authorization/policydefinitions/deploy-asc-securitycontacts))
10 (<a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/040732e8-d947-40b8-95d6-854c95024bf8.html" target="_blank" rel="noopener">Azure Kubernetes Service Private Clusters should be enabled</a> (/providers/microsoft.authorization/policydefinitions/040732e8-d947-40b8-95d6-854c95024bf8); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/0fdf0491-d080-4575-b627-ad0e843cba0f.html" target="_blank" rel="noopener">Public network access should be disabled for Container registries</a> (/providers/microsoft.authorization/policydefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/1b8ca024-1d5c-4dec-8995-b1a932b41780.html" target="_blank" rel="noopener">Public network access on Azure SQL Database should be disabled</a> (/providers/microsoft.authorization/policydefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/21a8cd35-125e-4d13-b82d-2e19b7208bb7.html" target="_blank" rel="noopener">Public network access should be disabled for Azure File Sync</a> (/providers/microsoft.authorization/policydefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/34c877ad-507e-4c82-993e-3452a6e0ad3c.html" target="_blank" rel="noopener">Storage accounts should restrict network access</a> (/providers/microsoft.authorization/policydefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/55615ac9-af46-4a59-874e-391cc3dfb490.html" target="_blank" rel="noopener">[Preview]: Azure Key Vault should disable public network access</a> (/providers/microsoft.authorization/policydefinitions/55615ac9-af46-4a59-874e-391cc3dfb490); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48.html" target="_blank" rel="noopener">Public network access should be disabled for PostgreSQL flexible servers</a> (/providers/microsoft.authorization/policydefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/74c5a0ae-5e48-4738-b093-65e23a060488.html" target="_blank" rel="noopener">Public network access should be disabled for Batch accounts</a> (/providers/microsoft.authorization/policydefinitions/74c5a0ae-5e48-4738-b093-65e23a060488); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/797b37f7-06b8-444c-b1ad-fc62867f335a.html" target="_blank" rel="noopener">Azure Cosmos DB should disable public network access</a> (/providers/microsoft.authorization/policydefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a); <a class="externallink" href="https://www.azadvertizer.net/azpolicyadvertizer/c9299215-ae47-4f50-9c54-8a392f68a052.html" target="_blank" rel="noopener">Public network access should be disabled for MySQL flexible servers</a> (/providers/microsoft.authorization/policydefinitions/c9299215-ae47-4f50-9c54-8a392f68a052))
0 Blueprints scoped
Download CSV semicolon | comma *Depending on the number of rows and your computer“s performance the table may respond with delay, download the csv for better filtering experience
Download CSV semicolon | comma *Depending on the number of rows and your computer“s performance the table may respond with delay, download the csv for better filtering experience
Download CSV semicolon | comma *Depending on the number of rows and your computer“s performance the table may respond with delay, download the csv for better filtering experience
Download CSV semicolon | comma *Depending on the number of rows and your computer“s performance the table may respond with delay, download the csv for better filtering experience
Download CSV semicolon | comma *Depending on the number of rows and your computer“s performance the table may respond with delay, download the csv for better filtering experience
Download CSV semicolon | comma *Depending on the number of rows and your computer“s performance the table may respond with delay, download the csv for better filtering experience
Download CSV semicolon | comma *Depending on the number of rows and your computer“s performance the table may respond with delay, download the csv for better filtering experience
Download CSV semicolon | comma *Depending on the number of rows and your computer“s performance the table may respond with delay, download the csv for better filtering experience
Download CSV semicolon | comma *Depending on the number of rows and your computer“s performance the table may respond with delay, download the csv for better filtering experience
Download CSV semicolon | comma *Depending on the number of rows and your computer“s performance the table may respond with delay, download the csv for better filtering experience